Obama's new sanctions for cybercriminals is important — but it won't stop the 2 biggest players

China's President Xi Jinping (front), Russia's President Vladimir Putin (2nd row), and U.S. President Barack Obama (3rd row) walk as they take part in an Asia-Pacific Economic Cooperation (APEC) family photo.
REUTERS/Kim Kyung-Hoon
President Obama's executive order to sanction overseas cyber criminals likely won't deter sophisticated state-sponsored hackers in Russia and China, according to geopolitical expert Ian Bremmer.

"I doubt this is going to change the behavior of primary American cyber adversaries — Russia and China — because the credibility and comparative scale of retaliatory sanctions is too small," Bremmer, president of Eurasia group, told Business Insider over email.

The executive order at issue declares "significant malicious cyber-enabled activities" to be a national emergency.

By doing so, the order allows the US Treasury to freeze the assets and bank accounts of overseas cybercriminals who attempt to attack critical infrastructure, steal intellectual property, benefit from that stolen property, or disrupt major computer networks, the Washington Post reported.

"On the former, threats of integrity attacks against US government and private sector are growing sharply as Putin feels himself increasingly backed into a corner," Bremmer wrote. "On the latter, China has too much to gain by continuing cyber industrial espionage against American firms."

In July 2014, researchers discovered that a sophisticated cyberweapon similar to the powerful Stuxnet virus had infected the industrial control systems of hundreds of European and US energy companies over the course of 18 months. Investigators pointed at Russian cybercriminals.

Advertisement

And in March, the State Department revealed that it had yet to fully purge suspected Russian hackers from its email system after suffering its "worst ever" cyberattack in November 2014.

Chinese military hackersYouTube/NTDTV
China, for its part, has been stealing intellectual property from US military and civilian networks for more than a decade.

Noting that it took years to pin attacks on China's army, Bremmer said Obama's order is "difficult to enforce because proving the state-sponsored origin of cyber attacks takes an enormous amount of time and effort."

On the other hand, Bremmer said that "it's an important step, as you certainly want the legal option to enforce sanctions in response to cyber threats."

He added that "lots of countries are getting into the cyber game, and clearer American retaliatory capabilities should help deter them from coming after the US."

"It may become like 'Catch Me If You Can'"

Seasoned cyber security experts told Business insider that while significant, the new system won't make the job of attributing attacks any easier.

"The really good hackers will launch attacks out of multiple servers," cyber security expert Jonathan Pollet told Business Insider. "And if the actors are outside of US borders there is really very little our government can do about it."

DreamWorks
"It may become like 'Catch Me If You Can,'" cyber security expert Joe Loomis, founder and CEO of CyberSponse, told Business Insider. "Where hackers make it a game of seeing how long they can dodge the wrath of the US government."

To be clear, it's by and large a good thing to have the legal option to enforce sanctions in response to cyber threats, experts told us.

The program's power, however, will ultimately come more from its political symbolism than its functionality.

"Hackers live on the dark net and are smart enough to cover their own tracks," Loomis said. "It's like putting locks on doors — it's a good protective measure, but it won't necessarily stop the crime from happening."

In any case, Bremmer noted, the new policy is "one more indication that the weaponization of finance is fast becoming a primary tool of foreign policy influence for Americans."